MS Exchange Tips

Monday, January 31, 2011

Exchange 2010 Mailbox Move An error occurred while updating a user object after the move operation. --> The value 'HTTP§1§1§§§§§§' is already present

When performing a cross forest mailbox move using the new-moverequest, the mailbox move fails at the completing stage when viewing in the move request in the EMC. When you open the move request for the user in the details tab you see the following error.

Error details: An error occurred while updating a user object after the move operation. --> The value 'HTTP§1§1§§§§§§' is already present in the collection.

Resolution: Delete the protocolsettings using adsiedit for both the source and target user.

1. Open adsiedit.msc from run command on source DC2. Locate your user in the domain partition3. Locate attribute protolsettings and delete all values4. Repeat steps for target user in target domain5. Resume the failed mailbox move

Exchange 2010 New Forest Migration Provisioning Distribution Lists

Exchange 2007 and Exchange 2010 have the ability to provision mailbox enabled users. What about Exchange Distribution Lists? Previous options were to use a third party migration suite or powershell or even LDIFDE. As you noticed ADMT 3.2 by default does provision or create Exchange Distribution Lists. If you use ADMT 3.2 to migrate a Distribution List, it will get migrated to the target forest but as a flat AD group only. Exchange is unware of this group being a Distribution Group. In order for ADMT 3.2 to provision this as an AD group you have to prevent ADMT 3.2 from exluding Exchange attributes during the migration.

Create a new notepad file and name it ADMTexclusion.vbs and enter the lines below.Set objMig = CreateObject("ADMT.Migration")objMig.SystemPropertiesToExclude = ""

Then run the file on your ADMT server:

C:\Windows\SysWOW64>cscript c:\admin\scripts\admtexclusion.vbs

Caveats: ADMT excludes Exchange attributes by default to prevent issues with provisioning mailbox users prior to Exchange 2010 SP1. So ensure that you're on SP1. To get additional details read article below. Also note that even though you provision the DL with ADMT it will not bring over all the attributes such as send restrictions, hide from GAL etc.

IIS7 Application Request Routing and Outlook Anywhere 2010?

Is it possible to use IIS7 ARR as an alternative reverse proxy in lieu of UAG\TMG? From testing, I was able to get it to work but had to pan out some key issues.

After setting ARR up to point to my CAS servers, OA did not connect.

The issue was with IIS7 default 30MB HTTP request limit. The IIS trace logs show that Outlook is trying to send 1GB (1073741824 bytes) of data and getting 404.13 Content length too large. Note this is an empty mailbox. Once we up this to this value it works. The request is always sending exactly this much data which MS thinks it could actually an error code in the bytes field and not actually the bytes. 1073741824 also represents “unknown error condition” code. Highly unlikely it’s sending 1GB since the IIS logs on the Exchange server do not show this. Theory is that ARR is running into some error condition trying to process rpc over http requests.

Resolution: You have a mailbox that has a quota of 0 set. In this case, I had configured a mailbox with a 0 send\receive limit for users to use to check Freebusy times during migration coexistence and prohibited the account from sending\receiving email.

Monday, January 24, 2011

5.4.6 Hop count exceeded - possible mail loop - Forest Migration

After you perform a cross forest mailbox move, the user is able to send emails, but cannot receive. You receive the following NDR.

Delivery has failed to these recipients or groups:Bob Smith (bsmith@company.com)A problem occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your helpdesk.The following organization rejected your message: mail.company.com.

The reason is you used ADMT and didn't exclude the necessary exchange attributes. Therefore prepare-moverequest fails to merge to the existing object brought over by ADMT. The provisioning script must match 3 attributes: Proxyaddresses, mail and mailnickname. You must have all 3 attributes set in order for the script to match and merge the MEU then excluse all other Exchange attributes.

You must script the move to stop the exclusion of some core exchange attributes. The link below shows a sample script. You would then need to append the following lines.

Create a new notepad file and name it ADMTexclusion.vbs and enter the lines below.Set objMig = CreateObject("ADMT.Migration")

Another option is to use ADMT to bulk move\seed them without any attributes, then use either powershell or old friend ADModify to bulk update the proxyaddresses, mail and mailnickname. Typically you would use %'samaccount'% as the variable to fill in these attributes.

Finally you can just provision the account using Prepare-MoveRequest.ps1 first then use ADMT.